Re: able to login as root via ssh :-(

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Todd Zullinger wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Don Russell wrote:
Why?  Just curious what made you believe it was disabled by default.
Well.... just ignorance on my part.... but ftp doesn't allow me log
in as root, and I don't recall changing that setting. Call it "I
expected any form of remote access to be consistent in denying root
access". Of course they are different programs (ftp server/ssh
server)... and I always see messages that say "... ssh in, then su -
to root...." sort of implies that ssh to root directly won't work.
But again, abad assumption on my part. :-(

It's not unreasonable to assume the default would be to disable it.
I'm sure there have been debates on what the right default should be
among the openssh developers.  I didn't mean to pick on you by asking.
;-)

No offense taken... I often ask "why did you think that" to people, not as a criticism, but to see what they were thinking. Some times people reach certain conclusions, but have really convoluted thinking/path to get there. In my case, (above) I simply made a bad assumption, and missed the (now) obvious correction.
One of these days I will learn how to do a case-insensitive search in vim :-( I did /root and of course it came up empty... so I figured there must have been some other place...

Add 'set ignorecase' to ~/.vimrc to make it ignore case by default.
You can also do this while in vim by entering that (or the shorthand
set ic) in command mode (:).  To make case sensitive again, use set
noic.

Thanks for that.... I like case insensitive searches by default.... it's very rare that I match on exact case... and it's always easy to just "nope, find next".

You can do something similar with less so that you'll get case
insensitive searches in man pages, which I've found quite helpful.
The --ignore-case (or -i) option is what you want.  You can either
alias less to less -i or export LESS="-i" (adding any other options
you want as well.

That's a good idea too....

You might also want to disable password based authentication and
only allow a few explicit users.  See PasswordAuthentication and
AllowUsers in the sshd_config(5) man page.
That's a good idea.... I'm the only one that needs remote access....
and my logs are always showing people "knocking at the door"
sometimes hundreds a day.

Yep, the same bastards knock on most of our doors too. :)

Yet another helpful method for stopping a lot of that is to run ssh on
a different port.

I'm not a big fan of that ... I like to use standard ports for things... to me, changing port numbers is little more than leaving the door key under the flower pot instead of under the mat. :-) Granted, there are approx 65000 flowerpots to choose from. :-)

If a would-be hacker is put off so easily as a port number change, they are probably harmless anyway. :-)

Thanks... now, if only it wouldn't bother asking for a password when
the userid is 'root'.. like ftp simply denies the request right
there. But, at least that little door is closed now. :-)

It does on my system.  I've set PasswordAuthentication no and
AllowUsers myusername.  Trying to ssh in as root gets me a quick
permission denied message.

I'll check that out.... thanks.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux